County Internal Auditor
The mission of the Office of Internal Audit is to improve the performance of Deschutes County government and to provide accountability to residents. We examine and evaluate the effectiveness, efficiency, and equity of operations through an objective, disciplined, and systematic approach.
Internal Audit Reports provide additional transparency and accountability to the residents of Deschutes County. View reports here.
People often ask who audits the auditors? We have an answer to that. Our work follows national standards for conducting objective and independent reviews.
The Audit committee is appointed by the Board of County Commissioners and plays a role in overseeing and advising on audit activities (internal and external) performed for the County.
Deschutes County’s Whistleblower Hotline is the secure, anonymous way to report fraud, waste, or abuse involving the County government, its employees, or vendors.
Interested in learning more about County decision-making and operations? The Office of Internal Audit is a great place to start. Audit reports are an opportunity to get information from a reliable and independent source
Frequently Asked Questions
The federal government and the state of Oregon have implemented laws and regulations affecting Deschutes County. In addition, the Deschutes County Board of Commissioners have established policies and procedures for County management to follow in serving the citizens of Deschutes County. Further, the Board has entered into contracts and agreements and has expended public funds to provide these services.
Because these activities are very important, an independent internal auditor is needed to evaluate whether management has met its responsibilities in complying with laws, regulations, policies, procedures, contracts, and agreements. In addition to evaluating these areas, the internal auditor also recommends areas for improvement to each audited Department.
The internal auditing process can identify areas where economy and efficiency could be improved thereby reducing cost and/or liability to the County. It can also show how losses of assets and taxpayer funds can be prevented. An internal auditing process can make recommendations for better utilization of human resources.
Independence is paramount in performing the internal audit function since it provides an atmosphere of objectivity and uninhibited appraisal.
The County Administrator is appointed by the Board of County Commissioners and is responsible for management of all County departments. The County Internal Auditor is appointed and serves at the pleasure of the County Administrator in consultation with the Audit Committee and Board. The Audit Committee, formed by policy, is comprised of four to six public citizens and three County officials. They identify and approve the direction of audits as well as meet with County departments on the results of all audits.
The Audit Committee protects the independence of the County’s Internal Auditor by ensuring the findings are not influenced by the County Administrator or the Board of County Commissioners.
The County code provides the authority for the County Internal Auditor to have full and complete access to County personnel, assets and information.
Internal audit activities generally include one or more of the following:
- Determining if the Department’s activities and procedures are efficient and effective,
- Determining if the Department is in compliance with laws, regulations, policies, procedures, contracts, and agreements,
- Evaluating the adequacy and effectiveness of the Department’s internal controls, and/or
- Investigating matters related to thefts, frauds, and other financial misconduct reported or detected during the internal audit examination process.
A risk-based approach is used to select departments for audit. Each year the County Internal Auditor analyzes County departments for a selection of risk factors. The current selection of risk factors includes:
- Administration input,
- Trends in expenditures,
- Trends in revenues,
- Department management input,
- Numbers of employees and turnover, and
- Fund type.
After weighing the factors for their relative significance, an overall risk factor is computed for each area. After consideration of the number of audit-hours (staffing level) available for the year, those departments with the greatest assessed risk are recommended to the Audit Committee for inclusion in the audit plan for the year.
The internal audit process consists of planning, data gathering, testing, summarizing, evaluating, and reporting. As part of the planning stage, an initial meeting is held with the Department to be audited. The culmination of fieldwork results in a draft audit report, which includes the audit's purpose, scope of work, background, overall evaluation, and applicable findings. (Findings are instances of non-compliance with laws and regulations, internal control weaknesses, and areas where economy and efficiency can be improved.) Each finding should have five elements to it including: condition, criteria, cause, effect, and recommendation.
After the fieldwork is completed, a thorough quality review of the audit workpapers and draft report is performed to ensure that work was performed as planned and is properly documented. The draft report is reviewed to ensure that conclusions and findings are supported by evidence obtained through inquiry, observation, and third parties.
A draft audit report is presented to County Department management for review and discussion. Under Deschutes County policy (GA-15 - Responding to Report, Study and Audit recommendations), the auditee is allowed two weeks to provide a written reply to the findings and recommendations. Once the response is received, the County Internal Auditor reviews it for adequacy and possible rebuttal. If none is warranted, management's response is attached as an exhibit to the audit report. The audit report is then issued. Copies are routinely issued to affected management, the Audit Committee, the County Administrator, and the Board of County Commissioners.
At the Audit Committee meetings (each quarter), reports are discussed with the applicable Departments that have been audited. Within a year after the audit is issued a follow-up is performed to determine the status of the recommendations.